
I'm building a sample API and I want to use OAuth with Microsoft authentication and the resource owner password credentials flow.

Basically, I'm struggling with how to configure both flows in the same Web API (server). I went over the sample code on GitHub, but it does not apply to Web API.

So far I have this code in my Startup file, but it always redirects me to the API Account controller by default. Is this the correct behavior?

The second part is how to configure and implement the resource owner password credentials OAuth flow: do I need to use Identity to properly authenticate the users, or does it need to be done using token authentication?

/// <summary>
/// Application bootstrap class: registers authentication and MVC services,
/// then assembles the HTTP request pipeline.
/// </summary>
public class Startup
{
    /// <summary>
    /// Creates the startup object. The hosting environment is accepted but not used.
    /// </summary>
    /// <param name="env">Hosting environment supplied by the runtime.</param>
    public Startup(IHostingEnvironment env)
    {
    }

    /// <summary>
    /// Invoked by the runtime to add services to the container.
    /// </summary>
    /// <param name="services">Service collection to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication();

        // Sets the shared SignInScheme to the cookie authentication scheme.
        services.Configure<SharedAuthenticationOptions>(
            shared => shared.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);

        // OpenID Connect client settings. They are only registered here: Configure adds no
        // OpenID Connect middleware (both calls there are commented out).
        // NOTE(review): client id, authority and redirect URI are hard-coded. They are
        // environment-specific, so reading them from configuration would keep them out of source.
        // The redirect URI is plain HTTP on localhost, which only suits local development;
        // a deployed instance would presumably need an HTTPS URI matching the app registration - confirm.
        services.Configure<OpenIdConnectAuthenticationOptions>(oidc =>
        {
            oidc.ClientId = "63a87a83-64b9-4ac1-b2c5-092126f8474f";
            oidc.Authority = "https://login.windows.net/tratcheroutlook.onmicrosoft.com";
            oidc.RedirectUri = "http://localhost:4107";
        });

        services.AddMvc();

        // Optional Web API 2 compatibility layer (requires the Microsoft.AspNet.Mvc.WebApiCompatShim
        // package in the 'dependencies' section of project.json):
        // services.AddWebApiConventions();
    }

    /// <summary>
    /// Builds the HTTP request pipeline; runs after <see cref="ConfigureServices"/>.
    /// </summary>
    /// <param name="app">Application builder the middleware is attached to.</param>
    /// <param name="env">Hosting environment supplied by the runtime (not used here).</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Middleware is added in this order: static files, cookie authentication, MVC.
        app.UseStaticFiles();

        app.UseCookieAuthentication(cookie =>
        {
            cookie.AutomaticAuthentication = true;
        });

        app.UseMvc();

        // Disabled attempts at wiring OpenID Connect, kept for reference.
        // NOTE(review): if either is re-enabled it should be added before UseMvc, otherwise
        // requests handled by MVC would presumably never reach it - confirm.
        // NOTE(review): the second call passes OpenIdConnectServerOptions to the client
        // middleware extension; the server package likely has its own extension method - verify.
        // NOTE(review): AllowInsecureHttp = true lets the token endpoints run without HTTPS;
        // with the password flow that puts user credentials and tokens on the wire in clear
        // text, so it should stay limited to local development.
        //app.UseOpenIdConnectAuthentication(c => new OpenIdConnectAuthenticationOptions { ClaimsIssuer = "" });
        //app.UseOpenIdConnectAuthentication(new OpenIdConnectServerOptions
        //{
        //    Issuer = "http://localhost:55985/",
        //    AllowInsecureHttp = true,
        //    SigningCredentials = credentials,

        //    Provider = new CustomOpenIdConnectServerProvider()
        //});

        // Route used when porting Web API 2 controllers:
        // routes.MapWebApiRoute("DefaultApi", "api/{controller}/{id?}");
    }
}
Son_of_Sam
  • You should take a look at this SO question and its 2 answers: http://stackoverflow.com/questions/30768015/configure-the-authorization-server-endpoint – Kévin Chalet Sep 13 '15 at 18:29
  • the answer is not valid for beta7 – Son_of_Sam Sep 14 '15 at 02:08
  • Heh, no... it's still valid for beta7. You can find the beta2 version of the project used in the answer (for ASP.NET beta7) on NuGet.org: http://www.nuget.org/packages/AspNet.Security.OpenIdConnect.Server/ – Kévin Chalet Sep 14 '15 at 02:19
  • @Pinpoint I was forking the incorrect branch I was using vNext instead of Dev. – Son_of_Sam Sep 14 '15 at 13:16
  • The dev branch is for OWIN/Katana. Only vNext works with ASP.NET 5 but you need beta8 to use it. If you prefer beta7, use the NuGet package. – Kévin Chalet Sep 14 '15 at 13:17
  • I want to use beta-8 because I want to add a resource owner password credentials flow to the sample server project. – Son_of_Sam Sep 14 '15 at 13:22
